A Survey On Universal Adversarial Attack

The intriguing phenomenon of adversarial examples has attracted significant attention in machine learning. What might be more surprising to the community is the existence of universal adversarial perturbations (UAPs), i.e., a single perturbation that fools the target DNN for most images. Focusing on UAPs against deep classifiers, this survey summarizes recent progress on universal adversarial attacks, discusses the challenges on both the attack and defense sides, and examines the reasons for the existence of UAPs. We aim to extend this work as a dynamic survey that will regularly update its content to follow new works on UAPs or universal attacks in a wide range of domains, such as image, audio, video, and text. Relevant updates will be discussed at: https://bit.ly/2SbQlLG. We welcome authors of future works in this field to contact us so that their new findings can be included.
